US authorities have charged a 23-year-old Canadian man accused of developing and operating the KimWolf botnet, which infected over one million internet-connected devices, including webcams and digital photo frames. Jacob Butler, also known online as “Dort,” was arrested in Ottawa, Canada.

According to court documents, KimWolf was a “cybercrime-as-a-service” operation, allowing customers to rent access to infected devices and launch distributed denial-of-service (DDoS) attacks against targets around the globe. Authorities say the botnet generated more than 25,000 attack commands and was linked to cyber-attacks reaching nearly 30 terabits per second. Some victims reportedly suffered financial losses exceeding $1 million.

The charges against Butler were initially filed on April 10, 2026, but remained sealed until his arrest. Police allegedly linked him to the botnet using IP address records, online accounts, financial transactions, and messaging app data obtained through legal process. Butler faces one count of aiding and abetting computer intrusion. If convicted, he could face up to 10 years in prison.

The arrest follows a March 2026 international law enforcement operation that dismantled the infrastructure behind several major botnets, including KimWolf, Aisuru, JackSkid, and Mossad IoT. Authorities also seized online services connected to 45 DDoS-for-hire platforms believed to support cybercriminal activity.

Niederländische Polizei verhaftet zwei Verdächtige und beschlagnahmt 800 Server bei Ermittlungen im Zusammenhang mit russischen Hackern

Die niederländischen Behörden haben im Rahmen einer Untersuchung gegen ein Webhosting-Unternehmen, dem die Unterstützung von Cyberangriffen, Desinformationskampagnen und Einmischungsoperationen gegen die Europäische Union vorgeworfen wird, zwei Verdächtige festgenommen und mehr als 800 Server beschlagnahmt.

Die Festnahmen wurden von der niederländischen Behörde für Finanzkriminalität durchgeführt, die mitteilte, dass die Verdächtigen Verbindungen zu russischen und belarussischen Einheiten hätten, die derzeit unter EU-Sanktionen stehen. Die Behörden durchsuchten drei Betriebsstätten in den Städten Enschede und Almere sowie zwei Rechenzentren in Dronten und Schiphol-Rijk. Bei den Razzien beschlagnahmten Polizisten Verwaltungsunterlagen, Laptops, Mobiltelefone und hunderte Server.

According to authorities, the hosting company was founded on February 10, 2022, just two weeks before Russia launched its full-scale invasion of Ukraine. Officials allege that in the following years, the company became a key infrastructure provider for destabilizing activities directed at the EU.

Dutch authorities said the company facilitated cyber-attacks, interference operations, and the spread of disinformation aimed at undermining democratic institutions and disrupting public and economic systems across Europe. Officials also said that the hosting provider supported Russian efforts involving information manipulation and attacks on digital infrastructure.

Authorities didn’t disclose the names of the suspects or the companies under investigation. According to a report from Dutch newspaper De Volkskrant, the companies provided services to the pro-Russian hacktivist group NoName057(16), known for launching distributed denial-of-service (DDoS) attacks against critical organizations in Europe. In July 2025, an international law enforcement effort disrupted the NoName057(16) network, with authorities making two arrests and issuing seven arrest warrants.

In another case, a 24-year-old cargo worker from Amsterdam was arrested at Schiphol Airport on suspicion of hacking company systems and leaking confidential logistics information. Authorities say the suspect shared sensitive cargo data with drug trafficking networks, helping them move narcotics through the airport without detection.

Also, Dutch police apprehended a 35-year-old man for allegedly hacking AFC Ajax’s computer systems earlier this year. Authorities say he gained unauthorized access to the club’s systems multiple times, exposing personal data of hundreds of people. The breach also allowed changes to stadium bans for fewer than 20 fans and enabled ticket transfers between accounts.

„Crime-as-a-Service“-Bande bei großer europäischer Polizeiaktion zerschlagen

Ein internationales Cyberkriminalitätsnetzwerk, das für groß angelegten Bankbetrug in ganz Europa verantwortlich war, wurde im Rahmen einer koordinierten Operation unter Beteiligung der spanischen Nationalpolizei, Europol, der deutschen Polizei und französischer Behörden zersetzt.

The group created and distributed phishing and smishing tools that allowed criminals to steal sensitive banking information from victims. Operating under a “crime-as-a-service” model, the suspects offered ready-to-use cyber fraud platforms and services to other offenders in exchange for payment.

The criminal network operated in Spain, France, Germany, Austria, and the Netherlands, with connections to Morocco and the United States. Authorities believe the gang stole confidential banking data from thousands of victims, storing the information on hidden online platforms before selling it to other cybercriminals. According to police, the group directly targeted more than 2,000 customers of German banks through phishing campaigns and used the stolen credentials to carry out fraudulent bank transfers.

Bei koordinierten Razzien in Barcelona, Sitges, Paris und Nizza verhafteten Strafverfolgungsbeamte drei mutmaßliche Drahtzieher der Operation. Die Behörden sicherten zudem Krypto-Assets im Wert von rund 1,5 Millionen Euro und deckten Belege für Geldwäsche durch den Erwerb von Luxusgütern und Immobilien auf. Offizielle Schätzungen belaufen sich auf bestätigte finanzielle Verluste von über 4 Millionen Euro; der tatsächliche Betrag dürfte jedoch deutlich höher sein, da viele Opfer die Straftaten möglicherweise nie angezeigt haben.

Albanischer Verdächtiger hinter VenomRAT an Frankreich ausgeliefert

Ein 39-jähriger albanischer Staatsbürger, der online unter dem Namen „Venom“ bekannt ist, wurde nach seiner Festnahme in Athen, Griechenland, im vergangenen November im Rahmen einer internationalen Cyberkriminalitätsuntersuchung nach Frankreich ausgeliefert. Der Verdächtige wurde Mitte Mai an die französischen Behörden überstellt, nachdem griechische Cyberkriminalitätsbeamte in Begleitung von FBI-Vertretern und französischen Justizpolizisten am 3. November 2025 seine Wohnung im Athener Stadtteil Nikaia durchsucht hatten.

Die Behörden werfen dem Mann vor, VenomRAT, einen Remote Access Trojan (RAT), entwickelt und verkauft zu haben, der in der Lage ist, aus der Ferne auf infizierte Computer zuzugreifen und sensible Daten zu stehlen. Gerichtsunterlagen zufolge habe er die Malware zwischen 2021 und 2025 mindestens 36-mal verkauft. Die Ermittlungen begannen 2022, als australische Behörden, die RAT-Malware-Entwickler ins Visier nahmen, die digitale Aktivität des Verdächtigen über Social-Media-Konten und zwei griechische Handynummern zurückverfolgten.

Im Juni 2023 erwarben FBI-Agenten in Los Angeles Berichten zufolge ein Monatsabonnement für VenomRAT, um dessen Fähigkeiten zu analysieren. Später verknüpfte die Polizei Kryptowährungstransaktionen mit einer E-Mail der albanischen Botschaft in Athen bezüglich eines Passverlängerungsantrags, um die Identität des Verdächtigen zu bestätigen.

French authorities issued an arrest warrant on November 5, 2025, accusing the suspect of cyber-related offenses carried out in northern France.

Demo anfordern

ImmuniWeb kann Ihnen helfen, Datenpannen zu verhindern und regulatorische Anforderungen zu erfüllen.

Rumänischer Hacker in den USA wegen Verkauf von Zugriffen auf staatliches Netzwerk verurteilt

A Romanian national has been sentenced to prison in the United States after he admitted to selling unauthorized access to an Oregon state government computer network on the Dark Web. Catalin Dragomir, 46, formerly of Constanta, Romania, pleaded guilty on February 19, 2026, to obtaining information from a protected computer and aggravated identity theft.

According to court documents, Dragomir gained unauthorized access to a computer connected to an Oregon state government office and later sold access to the system online. Prosecutors said he provided prospective buyers with samples of personal identifying information taken from the compromised computer.

Authorities said Dragomir also sold access to the networks of numerous other victims in the United States and worldwide, causing losses estimated at more than $250,000. He allegedly used multiple aliases on the Dark Web to hide his identity. Dragomir was arrested in Romania in November 2024 and extradited to the United States in January 2025.

Meanwhile, a 36-year-old man from Ohio was sentenced for computer fraud after causing more than $860,000 in damages to his former employer. After being fired from his IT contract position in May 2021, Maxwell Schultz illegally accessed the company’s network by impersonating another contractor and resetting about 2,500 employee passwords, locking thousands of workers out nationwide. He also attempted to cover his tracks by deleting logs and system records. The attack disrupted operations and customer service, leading to significant financial losses. Schultz admitted he carried out the attack because he was angry about losing his job.